SAN DIEGO, Calif. – Ninety-five percent of user comments on blogs, message boards and chat rooms are spam or contain links to malicious code, according to a new report from Websense Security Labs.The bi-annual research report, “Websense Security Labs, State of Internet Security, Q1-Q2 2009,” is chock-full of frightening statistics. For example, the number of websites that distribute malicious code has grown by 233 percent within the past six months and 671 percent within the past year.

“The last six months have shown that malicious hackers and fraudsters go where the people are on the Web and have heightened their attacks on popular Web 2.0 sites and continued to compromise established, trusted websites in the hope of infecting unsuspecting users,” Websense Chief Technology Officer Dan Hubbard said. “From malicious Twitter spam campaigns and blog comment spam to the massive injection attacks, those perpetrating fraud are exploiting the inherent trust users have of known Web properties and other users.”

Other statistics revealed by the report:

• In the first half of 2009, 77 percent of websites containing malicious code were legitimate sites that had been compromised. The high percentage was maintained over the six months due in part to widespread attacks including Gumblar, Beladen and Nine Ball, which aimed massive injection campaigns at trusted and known Web properties.

• Efforts to self-police Web 2.0 properties have been ineffective. Websense research shows community-driven security tools used on sites like YouTube and BlogSpot are only 25-35 percent effective in protecting users from objectionable content and security risks.

• The “dirty” Web is getting dirtier: 69 percent of all Web pages with content classified as “objectionable” (e.g. sex, adult content, gambling, drugs) also had at least one malicious link. Seventy-eight percent of all new Web pages launched in the “objectionable” category during the first half of 2009 contained at least one malicious link.

• Thirty-seven percent of malicious Web attacks included data-stealing code, demonstrating that attackers are after essential information and data.

• The Web continues to be the most popular vector for data-stealing attacks. In the first half of 2009 the Websense Security Labs found 57 percent of data-stealing attacks were conducted over the Web.

• The convergence of blended Web and email threats continues to increase. Websense Security Labs reported 85.6 percent of all unwanted emails in circulation during the first half of the year contained links to spam sites and/or malicious websites. In June alone, the total number of emails detected as containing viruses increased 600 percent over the previous month.

The complete report is located here.